Vessel Entry Application
Vessel Entry Application
Vessel Entry Application
Server
System Administrator's Guide
Release 9.0.2
E52523-01
August 2014
Oracle Communications Instant Messaging Server System Administrator's Guide, Release 9.0.2
E52523-01
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed on
the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle
Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your
access to or use of third-party content, products, or services.
Contents
iii
3 Using LDAP with Instant Messaging Server
Managing LDAP Access Configuration for Instant Messaging Server......................................... 3-1
Overview of How Instant Messaging Server Uses LDAP............................................................ 3-1
Searching the Directory Anonymously........................................................................................... 3-2
To Enable the Server to Conduct Directory Searches as a Specific End User .................... 3-2
Configuring Instant Messaging Server to Use LDAP Groups ........................................................ 3-2
To Configure Instant Messaging Server to Use LDAP Groups................................................... 3-3
To Use Group Messaging.................................................................................................................. 3-4
To Configure Chat Room Membership Based on LDAP Group Membership ......................... 3-4
To Use Chat Rooms Based on LDAP Group Membership .......................................................... 3-5
iv
8 Configuring LDAP Failover
Configuring LDAP Failover Overview ................................................................................................ 8-1
Setting Up LDAP Failover ...................................................................................................................... 8-1
v
RFC 822 Email Archive Header Fields for Public Conferences ...................................... 10-12
RFC 822 Email Archive Header Fields for Poll Questions with Replies........................ 10-12
RFC 822 Email Archive Header Fields for Poll Replies Only.......................................... 10-12
RFC 822 Email Archive Header Fields for Alerts.............................................................. 10-12
RFC 822 Email Archive Header Fields for New Channel Posts...................................... 10-12
Enabling and Disabling the Instant Messaging Server Custom Archive Provider ............... 10-13
To Enable a Custom Archive Provider ...................................................................................... 10-13
To Disable a Custom Archive Provider ..................................................................................... 10-13
vi
Connection Refused or Timed Out............................................................................................... 13-2
Authentication Errors ..................................................................................................................... 13-2
Instant Messaging Server Content is not Archived.................................................................... 13-2
Server-to-Server Communication Fails to Start .......................................................................... 13-3
Troubleshooting Instant Messaging Server and LDAP................................................................. 13-3
Using a Directory That Does not Permit Anonymous Bind ..................................................... 13-3
To Configure Bind Credentials for Instant Messaging Server.................................................. 13-3
To Change the Attribute Used to Display Contact Names ....................................................... 13-3
Searching the Directory by Using Wildcards.............................................................................. 13-3
Using Nonstandard Objectclasses for Users and Groups ......................................................... 13-4
To Change the Objectclasses Used to Specify Users and Groups ............................................ 13-4
Using an Attribute Other than uid for User Authentication .................................................... 13-4
To Change the Attribute Used for User Authentication ........................................................... 13-4
Using an Attribute Other than uid for User IDs......................................................................... 13-4
To Change the Attribute Used for User IDs................................................................................ 13-4
Troubleshooting Connectivity Issues in a Multi-Node Deployment (Server Pool) ................ 13-5
Managing the Watchdog Process ....................................................................................................... 13-5
Determining the Status of the Watchdog .................................................................................... 13-5
To Determine the Status of the Watchdog................................................................................... 13-5
Enabling and Disabling the Watchdog ........................................................................................ 13-5
To Enable or Disable the Watchdog ............................................................................................. 13-5
Managing Logging for the Watchdog .......................................................................................... 13-6
vii
16 Federating Instant Messaging Server with External Servers
Federating Multiple Instant Messaging Servers Overview .......................................................... 16-1
Securing Server-to-Server Communication................................................................................. 16-1
Configuring Federated Communication Between Instant Messaging Servers......................... 16-2
Federation Examples ...................................................................................................................... 16-2
Configuring DNS for XMPP Federation ...................................................................................... 16-3
Configuring DNS for SIP Federation ........................................................................................... 16-3
viii
19 Configuring the SIP Gateway
SIP Gateway Overview ........................................................................................................................ 19-1
SIP Gateway Architecture.................................................................................................................... 19-2
Configuring the SIP Gateway............................................................................................................. 19-3
Prerequisites for Configuring the SIP Gateway.......................................................................... 19-4
To Configure Instant Messaging Server for the SIP Gateway .................................................. 19-4
Configuring the SIP Gateway in Component Mode........................................................... 19-4
Configuring SIP Gateway in Federation Mode ................................................................... 19-5
To Enable S2S Communication Using TLS and SASL-External........................................ 19-5
To Enable S2S Communication Using TLS and Dialback .................................................. 19-5
To Enable S2S Communication Using Plain Text and Dialback ....................................... 19-6
To Configure Logging for the SIP Gateway ................................................................................ 19-6
To Configure the Oracle Communications Converged Application Server .......................... 19-6
To Test the SIP Gateway ................................................................................................................ 19-6
Troubleshooting the SIP Gateway..................................................................................................... 19-7
Configuring DNS for XMPP and SIP Federation ........................................................................... 19-7
ix
Configuring Java Message Queue (JMQ) Brokers for Calendar Availability........................... 23-1
27 Configuration Properties
iim.conf.xml File Location ................................................................................................................... 27-1
iim.conf.xml File Syntax ...................................................................................................................... 27-1
Multiple Server Configuration Properties ....................................................................................... 27-9
Shoal Configuration Properties........................................................................................................ 27-10
Multiplexor Configuration Properties ............................................................................................ 27-11
Archive Properties............................................................................................................................... 27-12
Watchdog Properties........................................................................................................................... 27-14
Monitoring Properties ........................................................................................................................ 27-15
Agent Properties .................................................................................................................................. 27-15
x
JMQ Properties .................................................................................................................................... 27-16
HTTP/XMPP Gateway Properties .................................................................................................... 27-17
SMS Integration Properties............................................................................................................... 27-17
Facebook Gateway Properties........................................................................................................... 27-18
Gateway Connector Properties ......................................................................................................... 27-19
xi
httpbind.conf File Syntax .................................................................................................................... 33-1
How Load Balancing Occurs ............................................................................................................... 33-2
Instant Messaging Server XMPP/HTTP Gateway Configuration Parameters .......................... 33-2
Gateway Domain ID Key Parameters for httpbind.config ........................................................... 33-4
xii
Preface
Audience
This document is intended for system administrators whose responsibility includes
Instant Messaging Server. This guide assumes you are familiar with the following
topics:
■ Messaging Server and Calendar Server protocols
■ Oracle Directory Server Enterprise Edition and LDAP
■ System administration and networking
■ General deployment architectures
Related Documents
For more information, see the following documents in the Instant Messaging Server
documentation set:
■ Instant Messaging Server Installation and Configuration Guide: Provides instructions
for installing and configuring Instant Messaging Server.
■ Instant Messaging Server Release Notes: Describes the new features, fixes, known
issues, troubleshooting tips, and required third-party products and licensing.
■ Instant Messaging Server Security Guide: Provides guidelines and recommendations
for setting up Instant Messaging Server in a secure configuration.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
xiii
xiv
Part I
Part I Monitoring and Managing Instant Messaging
Server
Overview
Use this command to create a WAR file or a ZIP file that contains a WAR file and
additional files needed for an XMPP Web component.
■ passwordtool
Use this command to generate encryption keys for passwords, re-generate
encryption keys for passwords, generate encrypted passwords, and verify that an
unencrypted password matches an encrypted password.
Components
If both server and multiplexor are enabled, this command first starts the Instant
Messaging server, and then starts the multiplexor.
If the watchdog is enabled (default), this command starts the watchdog, then the
watchdog reads the configuration file and starts the Instant Messaging server and/or
multiplexor as necessary.
Multiplexor:
imadmin start multiplexor
Calendar agent:
imadmin start agent-calendar
Watchdog:
imadmin start watchdog
SMS Gateway:
imadmin start sms-gateway
Gateway Connector:
imadmin start gw-connector
If the watchdog is running, imadmin stop brings the watchdog down first, and then
stops the server and the multiplexor, or just the multiplexor if that is running
separately.
This command stops the server, multiplexor, Calendar agent, watchdog, SMS Gateway,
Facebook Gateway, terminates all end user connections, and disconnects any inbound
and outbound servers configured.
Multiplexor:
imadmin stop multiplexor
Calendar agent:
imadmin stop agent-calendar
Watchdog:
imadmin stop watchdog
Registering SMF
There is no need to explicitly register SMF. The Instant Messaging Server initial
configuration process registers SMF. However, if need be, at the command line, enter
the following:
imadmin smf-register
Unregistering SMF
To unregister SMF:
■ At the command line, enter the following:
imadmin smf-unregister
This command stops the server, multiplexor, Calendar agent, watchdog, SMS Gateway,
Facebook Gateway, terminates all end user connections, and disconnects any inbound
and outbound servers configured.
If the watchdog is running, imadmin stop brings the watchdog down first, and then
stops the server and/or the multiplexor. The command then starts the watchdog,
which reads the configuration file and starts the Instant Messaging server and/or
multiplexor as necessary.
Multiplexor:
imadmin refresh multiplexor
Calendar agent:
imadmin refresh agent-calendar
Watchdog:
imadmin refresh watchdog
Server [UP]
Multiplexor [UP]
Agent:calendar [DOWN]
Watchdog [UP]
Multiplexor:
imadmin status multiplexor
Calendar agent:
imadmin status agent-calendar
Watchdog:
imadmin status watchdog
Backup Information
The types of Instant Messaging Server information that needs to be backed up are:
■ Configuration information
■ Instant Messaging Server end user data
■ Instant Messenger resources
The configuration information is stored in the configuration directory
(InstantMessaging_cfg). The Instant Messaging Server data is stored in the database
directory (InstantMessaging_database). Default paths are described in "Configuration
File and Directory Structure Overview".
Performing a Backup
While the configuration information does not change frequently, the Instant Messaging
Server end-user data changes rapidly and to prevent any loss of end-user data you
should back up the Instant Messaging Server end-user data on a periodic basis. You
need to perform the backup before running the installation program and the
uninstallation program.
To back up the end user data and the configuration information you do not have to
stop the Instant Messaging server as all the disk commits by the server are
automatically performed.
a. Files: 600 (indicating read and write permissions for owner only)
b. Directories: 700 (indicating read, write, and execute permissions for owner
only)
Refer to your operating system documentation for information on changing
permissions and owners.
5. Start Instant Messaging server.
imadmin start
This chapter covers aspects of using LDAP with Oracle Communications Instant
Messaging Server. It contains the following sections:
■ Managing LDAP Access Configuration for Instant Messaging Server
■ Configuring Instant Messaging Server to Use LDAP Groups
■ LDAP static group: A static group is one whose entry contains a membership list
of explicit DNs. You can define a static group by using the groupOfUniqueNames
object class and by explicitly specifying the member DNs using the
uniqueMember attribute.
In Directory Server and some other LDAP servers, dynamic groups filter end users
based on their DN and include them in a single group. The dynamic groups are
defined in Directory Server by the groupOfUrls object class.
To enable end users to view the dynamic groups in search results and add them to
their contact list, you need to include groupOfUrls objects in search results.
Starting with Instant Messaging Server 9.0.2.6.0, you can assign/affiliate LDAP groups
as members of a restricted chat room. When Instant Messaging Server creates the
multi-user chat room, it loads the chat room’s affiliations from LDAP. Instant
Messaging Server determines if the user is a member of any of the groups authorized
for the multi-user chat room. Instant Messaging Server then allows the users to join if
they are members and otherwise forbids users from joining. You use the iim_
server.enablegroupsinconference property to enable and disable multi-user chat.
When set to true, this property enables groups for multi-user chat. When set to false,
this property disables groups for multi-user chat. By default, groups for multi-user
chat is disabled.
This section contains the following topics:
■ To Configure Instant Messaging Server to Use LDAP Groups
■ To Use Group Messaging
■ To Configure Chat Room Membership Based on LDAP Group Membership
3. Set the appropriate configuration property, depending on if you want to search for
dynamic or static groups.
■ To search for dynamic groups, set the following properties:
imconfutil set-prop iim_
ldap.groupbrowsefilter="(|(&((objectclass=groupofurls)(cn={0}))" -c $IM_
BASE_DIR/config/iim.conf.xml
imconfutil set-prop iim_ldap.groupclass=groupofurls -c $IM_BASE_
DIR/config/iim.conf.xml
Do not include line breaks within a single line. The attribute and object class
names are configurable. By default, the memberOfUrls attribute is used as the
membership attribute of a dynamic group. If you want to use an attribute
name other than memberOfUrls, set the iim_ldap.groupmemberurlattr
option to the attribute name you want to use.
■ To search for both dynamic and static groups, set the following properties:
imconfutil set-prop iim_
ldap.groupbrowsefilter="(|(&(objectclass=groupofuniquenames)(cn={0}))(&(obj
ectclass=groupofurls)(cn={0})))" -c $IM_BASE_DIR/config/iim.conf.xml
$IM_BASE_DIR/sbin/imconfutil set-prop iim_
ldap.groupclass=groupofurls,groupofuniquenames -c $IM_BASE_
DIR/config/iim.conf.xml
4. To search for static groups having groupofnames object class, set the following
properties:
imconfutil set-prop iim_
ldap.groupbrowsefilter="(&(objectclass=groupofnames)(cn={0}))" -c $IM_BASE_
DIR/config/iim.conf.xml
imconfutil set-prop iim_ldap.groupclass=groupofnames -c $IM_BASE_
DIR/config/iim.conf.xml
imconfutil set-prop iim_ldap.groupmemberattr=member -c $IM_BASE_
DIR/config/iim.conf.xml
b. To verify that the group was added successfully to the member list, run the
following command:
/affiliate member
Users of the group should now be able to join and participate in the chat room.
Users
Table 4–1 Instant Messaging Server New User Registration Configuration Parameters
Parameter Description
iim.register.enable If true, the server allows new Instant Messaging
Server end users to register themselves (add
themselves to the directory) by using Instant
Messenger.
Table 4–1 (Cont.) Instant Messaging Server New User Registration Configuration
Parameter Description
iim_ldap.register.basedn If self-registration is enabled, the value of this
parameter is the DN of the location in the LDAP
directory in which person entries are stored. For
example: ou=people,dc=siroe,dc=com.
iim_ldap.register.domain The domain to which new users will be added. For
example, directory.siroe.com.
If the values are not set, use the imconfutil command to set them.
2. Run imadmin assign_services:
imadmin assign_services
This chapter describes how you can manage messages that are sent to offline Oracle
Communications Instant Messaging Server users so they receive queued messages the
next time they log in. The messages can be sent as an SMS or forwarded as an email.
For more information on Instant Messaging Server and calendar alerts, see the topic on
planning your installation in Instant Messaging Server Installation and Configuration
Guide.
For information about SMS forwarding, see "Configuring the SMS Gateway".
the offline message support is based on the XEP-160 guidelines, and supports the
entire deployment to cover domains.
Instant Messaging Server supports offline message delivery of one-to-one chat. The
offline message support for a multi-user chat is available in persistent chat rooms. You
can set the maximum number of chat messages you want to receive. You can use the
same properties to whitelist or blacklist specific domain names for which this
capability can be enabled. The messages are queued for offline delivery in the Instant
Messaging Server data directory on the file system of the host. For more information,
see the topic on support topics in Instant Messaging Server Installation and Configuration
Guide. Also, see Best Practices for Handling Offline Messages at:
http://xmpp.org/extensions/xep-0160.html
Table 5–1 shows the configuration properties used to enable support for offline
messages:
For more information on the complete list of Instant Messaging Server configuration
properties, see "Configuration Properties".
Performance
This chapter describes how to enhance the tuning and performance of Oracle
Communications Instant Messaging Server.
Defined thread pools can be specified and used with an associated server-only service
port. You can modify the thread and port configurations by using the imconfutil
command. You need to restart the server after making changes to the thread and port
configurations.
where,
■ iim_server.memory.user.cache_count specifies the memory user cache size. In the
this sample, the value is set to 128 for a user base of 100,000. If the user base is
more than 100,000, increase this value proportionately.
■ iim_server.scratch_directory specifies the directory where the user cache is written
to the disk. Place the scratch directory on tempfs. For 100,000 user base in Solaris
10 OS, approximately 500 to 600 MBytes of space is required on a file system and
approximately 4 to 5 GBytes of space is required on tempfs.
■ iim_ldap.maxconns specifies the LDAP context pool size. In case of more roster
operations and in a server pool environment, increase this value appropriately.
■ iim_server.maxthreads specifies the size of the thread pool. If you do not have
sufficient memory to keep user cache in tempfs, you can increase the value of the
thread pool.
■ iim_server.jvm.options enables use of the 64-bit JVM and thus large heap sizes.
■ iim_mux.jvm.options enables you start the multiplexor in 64-bit mode.
■ iim_mux.maxsessions specifies the maximum number of concurrent client
connection a multipexor can accept.
■ iim_server.maxsessions specifies the number of sessions allowed through an
instance of multipexor connected to the server.
Availability
HA Configuration Requirements
To install and configure an Instant Messaging Server HA configuration, log in or
become root and specify a console or window for viewing messages that exist in the
/dev/console directory.
To start the Instant Messaging Server HA service, enter the following command:
scswitch -e -j IM_SVR_RS
To stop the Instant Messaging Server HA service, enter the following command:
scswitch -n -j IM_SVR_RS
To restart the Instant Messaging Server HA Service, enter the following command:
scswitch -R -j IM_SVR_RS
Choosing a High Availability Model for Your Instant Messaging Server Deployment
This section lists the HA models, and describes the procedure to install and configure
the asymmetric and symmetric models for deployment.
Table 7–3 summarizes the advantages and disadvantages of each HA model. Use this
information to decide the appropriate model for your deployment.
c. Using the Oracle Solaris Cluster command-line interface, create and enable a
resource group for Instant Messaging Server.
For step-by-step instructions, see "Installing and Configuring in an Asymmetric HA
Environment".
For the failover FFS, the directory should be similar to the following example.
## Fail Over File System/Local File System ##
/dev/md/penguin/dsk/d400 /dev/md/penguin/rdsk/d400 /local/im ufs 2 no logging
Note: The fields in these commands are separated by tabs and not
spaces.
Creating the Instant Messaging Server Directory on all the Shared Disks of the
Cluster in the HA Deployment
For all the nodes of the cluster, create a directory, InstantMessaging_runtime, to store the
configuration details and data. For example, to create an Instant Messaging Server
directory on a shared disk, enter either one of the following:
mkdir -p /local/im
or
mkdir -p /global/im
■ Runtime UID: User name using which the Instant Messaging server runs. The
default value is inetuser.
■ Runtime GID: Group using which the Instant Messaging server runs. The default
value is inetgroup. Although the configure utility creates the IDs, you can create
the IDs before you invoke the configure utility as part of the preparation of each
node. Create the runtime UID and GID on a node where you will not invoke the
configure utility, which is usually secondary node.
Make sure that the user name, group name and the corresponding UID and GID are
the same in the following files on all nodes:
■ inetuser or the name that you select in the /etc/passwd directory on all the nodes
in the cluster
■ inetgroup or the name that you select in the /etc/group directory on all the nodes
in the cluster
Refer to your operating system documentation for detailed information about users
and groups.
Selecting the Default Installation Directory "IM_SCHA"
For Instant Messaging Server and Instant Messaging Server Oracle Solaris Cluster
agent IM_SCHA, the Communications Suite installer uses the /opt/sun/comms
directory on the Oracle Solaris operating system as the default installation directory.
The value of the InstantMessaging_home variable is /opt/sun/comms/im.
However, if you are using a shared disk for binaries, you must specify a CFS or a FFS
installation directory. For example, if /global/im/ is the installation directory, then the
value of InstantMessaging_home is /global/im/im.
If you are using a local disk, you should install the Instant Messaging in the same
directory on each machine in the node.
■ Configuration files and runtime files reside on a CFS or on a highly-available FFS.
Binaries are installed on local file systems on each node at the same location.
Enables rolling upgrade of the Instant Messaging Server software.
■ Binaries, configuration files and runtime files either reside on a CFS or on a
highly-available FFS. The Instant Messaging Server installation is required only on
one node as the binaries are shared across all the nodes. Instant Messaging Server
upgrade needs a server down time.
Installing Instant Messaging Server Products and Packages
Install products and packages by using the Communications Suite installer. For more
information about the installer, see Communications Suite Installation Guide at:
https://wikis.oracle.com/display/Communications+Suite+7.0.6+Installation+G
uide
Table 7–4 lists the products or packages required for a multiple node cluster
configuration.
On Solaris 10 zones, run the commpkg command from global and non-global
zones.
2. Select the Instant Messaging Server Oracle Solaris Cluster HA Agent software
when prompted.
3. Enter the Oracle Solaris Cluster HA Agent preconfiguration command.
IM_SCHA_BASE/bin/init-config
On Solaris 10 zones, run this command only from the global zone.
Setting Up the Primary Node
Use the Oracle Solaris Cluster command line interface to set up HA on the first node.
1. Register the Instant Messaging Server and HAStoragePlus resource.
scrgadm -a -t SUNW.HAStoragePlus
scrgadm -a -t SUNW.iim
2. Create a failover Instant Messaging Server resource group. For example, for a two
node asymmetric cluster setup, the following command creates the Instant
messaging resource group IM-RG with the primary node as NODE1 and the
secondary, or failover, node as NODE2.
scrgadm -a -g IM-RG -h IM_NODE1,IM_NODE2
3. Create a logical hostname resource in the Instant Messaging Server resource group
and change the resource group state to online. For example, the following
instructions create the logical hostname resource LOG_HOST_RS and bring the
resource group IM-RG to online state.
scrgadm -a -L -g IM-RG -l LOG_HOST_RS
scrgadm -c -j LOG_HOST_RS -y \
R_description="LogicalHostname resource for LOG_HOST_RS"
scswitch -Z -g IM-RG
4. Create and enable the HAStoragePlus resource. For example, the following
commands create and enable the HAStoragePlus resource IM_HASP_RS.
scrgadm -a -j IM_HASP_RS -g IM-RG -t
SUNW.HAStoragePlus:4 -x FilesystemMountPoints=/IM_RUNTIME_DIR
scrgadm -c -j IM_HASP_RS -y
R_description="Failover data service resource for SUNW.HAStoragePlus:4"
scswitch -e -j IM_HASP_RS
For more information about the configure utility, see Instant Messaging Server
Installation and Configuration Guide.
2. When prompted for the Instant Messaging Server runtime files directory
InstantMessaging_runtime, enter either of the following commands:
a. If you are using FFS for the runtime files, enter /local/im.
b. If you are using a CFS for the runtime files, enter /global/im.
3. If prompted for the Instant Messaging Server host name, enter the logical host.
Choose to accept the logical host even if the configure utility is unable to connect
to the specified host. The logical host resource might be offline at the time when
you invoke the configure utility.
4. Do not start Instant Messaging Server after configuration or on system startup.
5. Copy the Instant Messaging Server 9 configuration file iim.conf.xml to the
iim.conf file with the same permissions.
Note: Also copy the iim.conf.xml file to iim.conf after any future
configuration changes as cluster uses the iim.conf file.
6. To use the Gateway Connector service in HA, update this service configuration
with the virtual host name or IP address and port number as follows:
imconfutil --config config_file_path iim_gwc.hostport=virtual host-name or
ip:port
For example:
/opt/sun/comms/sbin/imconfutil --config /DATA1/default/config/iim.conf.xml iim_
gwc.hostport=192.10.12.11:22222
8. Test the successful creation of the Instant messaging resource group by performing
a failover.
scswitch -z -g IM-RG -h IM_NODE2
Initial Tasks
You must complete the following preparatory tasks before installing Instant Messaging
Server on the nodes. The preparatory tasks are:
■ Creating File Systems
■ Installing the Instant Messaging Server HA Package
■ Preparing Each Node of the Cluster
Creating File Systems
Instant Messaging Server binaries, configuration files, and runtime files reside on the
CFS or on the highly available FFS. For each Instant Messaging Server instance,
installation is needed on only one node as the binaries are shared across all the nodes.
To create file systems:
1. Create four file systems by using CFS or FFS.
To create a system by using CFS, for example, the contents of the /etc/vfstab file
should appear as follows.
# Cluster File System/Global File System ##
/dev/md/penguin/dsk/d500 /dev/md/penguin/rdsk/d500
/INSTALL-ROOTIM1 ufs 2 yes logging,global
/dev/md/penguin/dsk/d400 /dev/md/penguin/rdsk/d400
/share-disk-dirIM1 ufs 2 yes logging,global
/dev/md/polarbear/dsk/d200 /dev/md/polarbear/rdsk/d200
/INSTALL-ROOTIM2 ufs 2 yes logging,global
/dev/md/polarbear/dsk/d300 /dev/md/polarbear/rdsk/d300
To create a system by using FFS, for example, the contents of the /etc/vfstab file
should appear as follows.
# Failover File System/Local File System ##
/dev/md/penguin/dsk/d500 /dev/md/penguin/rdsk/d500
/INSTALL-ROOTIM1 ufs 2 yes logging
/dev/md/penguin/dsk/d400 /dev/md/penguin/rdsk/d400
/share-disk-dirIM1 ufs 2 yes logging
/dev/md/polarbear/dsk/d200 /dev/md/polarbear/rdsk/d200
/INSTALL-ROOTIM2 ufs 2 yes logging
/dev/md/polarbear/dsk/d300 /dev/md/polarbear/rdsk/d300
/share-disk-dirIM2 ufs 2 yes logging
2. Create the following mandatory directories on all the nodes of the cluster.
# mkdir -p /INSTALL-ROOTIM1 share-disk-dirIM1
INSTALL-ROOTIM2 share-disk-dirIM2
In Solaris 10 zones, run this command from the global and non-global zones.
2. When prompted, select the Instant Messaging Server Oracle Solaris Cluster HA
Agent software.
3. Run the Sun Cluster HA Agent pre-configuration command.
IM_SCHA_BASE/bin/init-config
On Solaris 10 zones, run this command only from the global zone.
Preparing Each Node of the Cluster
For each node in the cluster, create the Instant Messaging Server runtime user and
group under which the components will run. The UID and GID numbers must be the
same on all nodes in the cluster.
■ Runtime UID: User name using which the Instant Messaging server runs. The
default value is inetuser.
■ Runtime GID: Group using which the Instant Messaging server runs. The default
value is inetgroup. Although the configure utility creates these IDs, you can create
the IDs before you invoke the configure utility as part of the preparation of each
node. Create the runtime UID and GID on a node where you might not invoke the
configure utility, which is usually secondary node.
Make sure that the user name, group name and the corresponding UID and GID are
same in the following files on all nodes:
■ inetuser or the name that you select in the /etc/passwd directory on all the nodes
in the cluster
■ inetgroup or the name that you select in the /etc/group directory on all the nodes
in the cluster
Refer to your operating system documentation for detailed information about users
and groups.
2. Using the Communications Suite installer, install Instant Messaging Server on the
primary node.
a. Run the Communications Suite installer command.
commpkg install
To configure Oracle Solaris Cluster on the first node by using the Oracle Solaris Cluster
command-line interface:
1. Register the following resource types.
scrgadm -a -t SUNW.HAStoragePlus
scrgadm -a -t SUNW.iim
For more information about the configure utility, see Instant Messaging Server
Installation and Configuration Guide.
2. When prompted for the Instant Messaging Server Runtime Files Directory, enter
/share-disk-dirIM1 if you are using HAStoragePlus for the runtime files.
3. When prompted for the Instant Messaging Server host name, enter the logical
host.
Choose to accept the logical host even if the configure utility cannot connect to the
specified host. The logical host resource might be offline at the time when you
invoke the configure utility.
4. Do not start Instant Messaging Server after configuration or on system startup.
5. Copy the Instant Messaging Server 9 configuration file iim.conf.xml to the
iim.conf file with the same permissions.
Note: Also copy the iim.conf.xml file to iim.conf after any future
configuration changes as cluster uses the iim.conf file.
6. To use the Gateway Connector service in HA, update this service configuration
with the virtual host name or IP address and port number as follows:
InstantMessaging_home/imconfutil --config config_file_path iim_
gwc.hostport=virtual host-name or ip:port
For example:
/opt/sun/comms/sbin/imconfutil --config /DATA1/default/config/iim.conf.xml iim_
gwc.hostport=192.10.12.11:22222
8. Test the successful creation of the Instant Messaging Server resource group by
performing a failover.
scswitch -z -g IM-RG1 -h IM_NODE2
For more information about the configure utility, see Instant Messaging Server
Installation and Configuration Guide.
2. When prompted for the Instant Messaging Server Runtime Files Directory, enter
one of the following:
If you are using an HAStoragePlus for the runtime files, enter /share-disk-dirIM2.
3. When prompted for the Instant Messaging Server host name, enter the logical
host.
For example, accept the logical host even if the configure utility cannot connect to
the specified host. The logical host resource might be offline when you invoke the
configure utility.
For example:
/opt/sun/comms/sbin/imconfutil --config /DATA1/default/config/iim.conf.xml iim_
gwc.hostport=192.10.12.11:33333
7. Create the Instant Messaging Server resource and enable the resource.
In this example, the resource group name is IM_SVR_RS2. Provide the logical
host resource name, the HAStoragePlus resource name, and the port number. By
default, Instant Messaging Server uses ports 5269, 5222, and 45222. If the first
instance uses these port numbers, use different port numbers for the second
instance.
/INSTALL-ROOTIM2/im/sbin/imconfutil --config /MS_ALTROOT/im/config/iim.conf.xml
set-prop iim_server.port=5270
/INSTALL-ROOTIM2/im/sbin/imconfutil --config /MS_ALTROOT/im/config/iim.conf.xml
set-prop iim_server.muxport=45223
/INSTALL-ROOTIM2/im/sbin/imconfutil --config /MS_ALTROOT/im/config/iim.conf.xml
set-prop iim_mux.listenport=5223
/INSTALL-ROOTIM2/im/sbin/imconfutil --config /MS_ALTROOT/im/config/iim.conf.xml
set-prop iim_mux.serverport=45223
scrgadm -a -j IM_SVR_RS2 -g IM-RG2
-t SUNW.iim -x Server_root=/INSTALL-ROOTIM2/im
-y Confdir_list=/share-disk-dirIM2/default/config
-y Resource_dependencies=IM-HASP-RS2,LOG-HOST-IM-RS2
8. Test the successful creation of the Instant messaging resource group by performing
a failover.
scswitch -z -g IM-RG2 -h IM_NODE1
2. Disable all resources in the Instant Messaging Server resource group IM_RG.
scswitch -n -j IM_SVR_RS
scswitch -n -j LOG_HOST_RS
scswitch -n -j IM-HASP-RS
3. Remove the resources from the Instant Messaging Server resource group.
scrgadm -r -j IM_SVR_RS
scrgadm -r -j LOG_HOST_RS
scrgadm -r -j IM-HASP-RS
6. Remove the SUNWiimsc package by using the Sun Java Enterprise System
installer or run the pkgrm SUNWiimsc command.
When you remove the package, any customization that you make to the RTR file is
lost.
7. Remove any links that you have created during the HA configuration, if you are
using a shared directory for configuration files and binaries.
rm /etc/opt/sun/comms/im
HA Related Documentation
■ Communications Suite Installation Guide:
https://wikis.oracle.com/display/Communications+Suite+7.0.6+Installatio
n+Guide
■ For a general background about Sun Cluster software, data services, and
terminology resource types, resources, and resource groups, see:
http://download.oracle.com/docs/cd/E19787-01/819-2969
■ For general information on planning and administration of data services, see:
http://download.oracle.com/docs/cd/E19787-01/819-2974
■ For software procedures for administering a Sun Cluster configuration, see:
http://download.oracle.com/docs/cd/E19787-01/819-2971
■ For a description of the commands and utilities available with the Sun Cluster
software, including commands found only in the SUNWscman and SUNWccon
packages, see:
http://download.oracle.com/docs/cd/E19787-01/819-3055
This chapter describes how to configure LDAP failover for Oracle Communications
Instant Messaging Server on a multi-master replication (MMR) setup of LDAP servers.
Note: Only the Instant Messaging server is replica aware. All the
support tools that use the iim.conf.xml file are not replica aware. For
support tools to start, the default LDAP server should be up and
running.
For more information, see Using Layered Architectures to Create Highly Available
Infrastructures at:
https://wikis.oracle.com/display/CommSuite/Using+Layered+Architectures+to+
Create+Highly+Available+Infrastructures
Server Pooling
To ensure that all servers within a server pool have consistent data, the following
information is replicated among all servers in the pool:
■ Routing information for end users
■ Conference membership and configuration
■ Multi-party conference messages
The following information is not replicated:
■ One-on-one chat messages
■ Presence subscriptions and notifications
If you are enforcing policy through access control files in your deployment, the content
of the access control files must be the same among all servers in a server pool. See
Instant Messaging Server Security Guide for more information.
Table 9–1 Example Configuration Information for Two Instant Messaging Servers in a
Server Pool
Value for Value for
Property Server A Server B Notes
iim_server.serverid iimA.siroe. iimB.siroe. In a server pool, this ID is used to
com com support the dialback mechanism
and is not used for authentication.
This value should be unique within
the server pool.
iim_server.password secretforiimA secret4iimB None
iim_ siroe.com siroe.com Peer servers within a server pool
server.domainname share the same default domain.
Note: When open federation is enabled, do not use the host name as
the server ID. For example, the property iim_server.serverid should
not be set to host name.
You define coserver properties by running the imconfutil add-coserver command. The
add-coserver property enables you to set the server ID, the password used to
authenticate for this coserver, the coserver host name, the domain server used by the
coserver, and whether SSL is required.
After setting the coserver property, you can retrieve it by using the imconfutil
get-coserver-prop command. If you need to modify an existing coserver property, use
the imconfutil set-coserver-prop command. To remove a coserver, use the imconfutil
delete-coserver command. If you need to verify the password of a coserver, use the
key a node should use. The value for the dialback key is randomly generated unless
you explicitly specify one. See "To Manually Define the Dialback Key for an Instant
Messaging Server in a Server Pool" for instructions.
The From attribute is used by a remote server to connect back to an initiating server.
Typically, a server's domain name is used as the value for the From attribute in
server-to-server communication under Jabber. However, all servers in a server pool
share the same domain name. Therefore, the domain name cannot be used as a key to
locate a single server in a pool. Instead, Instant Messaging Server uses a server or peer
identifier (serverid) instead of the domain name as the value for the From attribute.
To Manually Define the Dialback Key for an Instant Messaging Server in a Server Pool
The value for the dialback key is randomly generated unless you explicitly specify
one.
1. Use the imconfutil command to modify the value of the iim_server.dialback.key
configuration property.
For example:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml iim_
server.dialback.key=mymultinodedialbackkey
This property is used to enable or disable the use of Shoal for conference
messaging. If you set the property to false or not set at all, the legacy
server-to-server connection is used.
You can enable Shoal anytime during and after configuration. If you enable this
feature after configuration, restart all the servers.
Note: When using Shoal for peer discovery and conferences, ensure
that:
■ The iim_server.password property is the same on all hosts.
■ Relay is enabled for communication to work when hosts are on
different subnets.
To enable Shoal across different subnets, you must start the relay server. To start the
relay server, you need at least one relay server per subnet. You can configure any
number of relay servers.
To start the relay server, use the imconfutil command to set the relay.imadmin.enable
and relay.listen_address (optional) configuration properties. For example:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml set-prop
relay.imadmin.enable=true relay.listen_address=192.0.2.0
You specify each relay by using a URI of the form tcp://host:port. For example:
relay.uri_list = tcp://relay2.example.com:5600, tcp://relay3.example.com:5600
You can start or stop the relay process independently of the Instant Messaging server.
Stopping or restarting the relay process does not affect the servers that are already in
the pool.
Server
This chapter explains how to configure and manage email, file, message, and custom
archiving for Oracle Communications Instant Messaging Server.
Archiving Overview
Instant message archiving can be done in the following ways:
■ Email Archive. When using this method, chat and conference participants receive
email containing the contents of the Instant Messaging Server sessions in which
they participated. End users can use any email client to search and manage instant
messages.
■ File Archive allows you to archive the contents of a file that is transferred from one
client to another.
■ Message Archiving allows you to archive all the message data that passes through
the server in any one-to-one or a group-chat conversation.
■ Custom Archive. You can choose to use either the Instant Messaging Server
archive providers, or create your own custom archive provider. Instant Messaging
Server provides the APIs and SPIs that can be used to write custom archive
providers. For more information on Instant Messaging Server APIs, see "Using the
Web Presence API".
Regardless of which type of archive provider you choose to use, you need to
enable the archive provider by running the imconfutil command to configure the
appropriate property.
You can configure Instant Messaging Server to use one or both archive methods at the
same time.
* class
*/
public abstract class ByteStreamFilter
{
/**
* process a data block contained in a stream.
*
* This method needs to be overridden in order to perform
* archiving
*
* @param stream byte stream handle
* @param block block of bytes to be transferred.
*
*/
public void processData(ByteStream stream,
ByteStreamBlock block)
{
block.commit();
}
/**
* called when a new byte stream is open
*
* @param from data originator address, uses xmpp address
* @param to data recipient address, uses xmpp address format
* @param stream byte stream handle
*/
public void openStream(String to, String from,
ByteStream stream)
{
}
/**
* called when a new byte stream is closed
*
* @param stream byte stream handle
*/
public void closeStream(ByteStream stream)
{
}
}
}
/**
* open the archive
* @exception Exception failure to open and initialize the
* archive.
*/
public void open() throws Exception
{
}
/**
* close the archive and dispose off all held resources
*/
public void close()
{
}
}
Enabling and Disabling the Instant Messaging Server Message Archive Provider
This section describes how to enable and disable the Instant Messaging Server
message archive provider.
To enable message archiving:
1. Run the following imconfutil command.
imconfutil -c InstantMessaging_home/config/iim.conf.xml set-prop iim_
server.msg_archive=true
Enabling and Disabling the Instant Messaging Server Email Archive Provider
You enable or disable the email archive provider by modifying a the appropriate
configuration property.
imadmin refresh
Note: If you run configure after modifying these properties for the
email archive, any values you input are overwritten.
Table 10–1 describes the configuration properties you use to define which
administrators receive email archives, as well as whether to use the extended RFC 822
header, and the content of that header.
RFC 822 Email Archive Header Fields for One to One Chat
From: Chat session initiator.
To: Receiver and any administrators configured in iim.conf.xml.
See Table 18-1 for more information.
Subject: First useful message over 50 characters in length.
Date: Creation date of the email message by the archive provider.
Reply-to: Not used.
Message-ID Generated by the email archive provider based on
the message thread.
RFC 822 Email Archive Header Fields for Poll Questions with Replies
From: Poll sender.
To: Poll sender and any administrators configured
in iim.conf.xml. See Table 18-1 for more information.
Cc: Not used.
Subject: Poll question.
Date: Creation date of the email message by the archive provider.
Reply-to: Not used.
X-XMPP-Message-ID Generated by the email archive provider.
RFC 822 Email Archive Header Fields for Poll Replies Only
From: Poll sender.
To: Poll recipients and any administrators configured in
iim.conf.xml. See Table 18-1 for more information.
Cc: Poll sender.
Subject: Poll question.
RFC 822 Email Archive Header Fields for New Channel Posts
From: News channel post sender.
To: Mailing list associated with the news channel
and any administrators configured in iim.conf.xml.
See Table 18-1 for more information.
Cc: Not used.
Subject: News channel post subject.
Date: Creation date of the email message by the archive provider.
Reply-to: Not used.
X-XMPP-Message-ID Generated by the email archive provider.
Messaging
This chapter explains how to configure and manage message conversion for Oracle
Communications Instant Messaging Server.
* If the contents of the part once modified are null, the part is
* removed.
* @deprecated instead use com.sun.im.service.Message
* @exception Exception the converter may throw an Exception.
* If so the exception is logged in the server log file and the message
* is not relayed to any recipients.
* The sender receives a negative delivery status.
*/
public void convert(com.sun.im.service.MessagePart part) throws Exception
{
return;
}
/**
* Convert a message part.
* This method may make modification to the content, content-
* type and content-name of the provided MessagePart object.
* It needs to be overwritten by actual message converters.
* The default behaviour of this method is to call
* convert(com.sun.im.service.MessagePart)
* so all the extensions to MessageConverter written prior
* to version 7.0 will still work with later versions.
* @param message incoming message to convert. If the contents
* of the message once modified are null, the message is
* removed.
Implementing the Custom Message Conversion Provider
* If so the exception is logged in the server log file and
* the message is not relayed to any recipients.
*/
public void convert(com.sun.im.service.Message message) throws Exception
{
com.sun.im.service.MessagePart parts[] = message.getParts();
convert(parts[0]);
}
}
This chapter describes how to collect data and monitor Oracle Communications
Instant Messaging Server activity.
http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.htm
l
3. Set the user name and password for the server to use in JAAS authentication:
imconfutil set-prop iim_server.admin.user=UserID -c InstantMessaging_
home/config/iim.conf.xml
imconfutil set-prop iim_server.admin.password=Password -c InstantMessaging_
home/config/iim.conf.xml
You must also assign the user name you enter readwrite permission in the JMX
access-control file.
4. Configure JVM and JAAS properties for monitoring.
The Instant Messaging Server stores all JVM and JAAS properties in a single
configuration parameter that is passed to the server process. Table 12–1 lists the
properties you need to set.
Table 12–1 Property Settings for Configuring JMX and JAAS for Server Monitoring
Property Description
-Dcom.sun.management.jmxremote Enables remote monitoring.
-Dcom.sun.management.jmxremote. Sets the JMX remote access port for the client connection.
port=port_number
-Dcom.sun.management.jmxremote. Allows remote JMX access.
local.only=false
-Dcom.sun.management.jmxremote. true enables SSL for the JMX connection, false disables it.
ssl=true
-Dcom.sun.management.jmxremote. Enables JAAS authentication.
authenticate=true
-Djava.security.auth.login.config=Instant Specifies the location of the JAAS login configuration file to use for
Messaging_home/config/jaas_login_config_ authentication. For more information, see the JAAS documentation at:
file
http://docs.oracle.com/javase/7/docs/technotes/guides/securi
ty/jgss/tutorials/LoginConfigFile.html
-Dcom.sun.management.jmxremote. Specifies the name of JAAS login entry in the JAAS login
login.config=JAAS_Login configuration file The name of the entry must match the name you
enter for -Dcom.sun.management.jmxremote.login.config with the
imconfutil command.
-Dcom.sun.management.jmxremote. Specifies the absolute path to the JMX access file. You can create a
access.file=InstantMessaging_ jmxaccess file based on the JMX-access template file located at: JDK_
home/config/jmxaccess InstallDir/jre/lib/management/jmxremote.access.
In configuring the jmxaccess file, the name of the user specified in
controlRole must be same as the user name you entered for the
server to use in JAAS authentication.
Table 12–1 (Cont.) Property Settings for Configuring JMX and JAAS for Server Monitoring
Property Description
-Dcom.sun.management.jmxremote.ssl= true enables SSL for the JMX connection, false disables it. If you
true enable SSL, supply the keystore and password as well.
-Djavax.net.ssl.keyStore Specifies the location of the keystore.
-Djavax.net.ssl.keyStorePassword Specifies the location of the keystore password.
-Dcom.sun.management.jmxremote.ssl.n Disables mutual SSL authentication.
eed.client.auth=false
You must set all of the properties in a single imconfutil command. The imconfutil
command in the following example sets the JVM and JAAS properties required for
monitoring.
imconfutil set-prop iim_
server.jvm.options="-Dcom.sun.management.jmxremote.access.file=/opt/sun/comms/i
m/config/jmxaccess -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9010
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.login.config=Login1
-Djava.security.auth.login.config=/opt/sun/comms/im/config/jaasconfig" -c
/opt/sun/comms/im/config/iim.conf.xml
5. Add an entry to the JAAS login configuration file that contains the
com.oracle.im.stat.AdminLoginModule implementation of LoginModule. For
information, ese the topic on configuring JAAS login entries at:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAA
SRefGuide.html#AppendixB
The name of the entry must match the name you enter for
-Dcom.sun.management.jmxremote.login.config with the imconfutil command.
6. Set the interval, in seconds, at which you want monitored data to be refreshed. The
default interval is 30 seconds. To configure an alternative interval:
■ Set the iim_server.monitor.refreshtimeout property as in the following
example:
imconfutil set-prop iim_server.monitor.refreshtimeout=60 -c
InstantMessaging_home/config/iim.conf.xml
■ If you are using a JMX client, you can use the refreshNow operation in the
JMX Statistics MBean for an immediate refresh.
Installation Prerequisites
You need to install the following products before you can install the plug-in:
■ Enterprise Manager Cloud Control 12c Release 1 (12.1.0.3.0) or higher. For more
information, see Oracle Enterprise Manager Cloud Control Basic Installation Guide.
■ Oracle Instant Messaging Server 9 Update 1 or higher
Adding Instant Messaging Server Host Targets and Installing the Management Agent
Add each Instant Messaging Server host you want to monitor to Enterprise Manager
as a managed target and install a management agent manually on each host.
To add an individual host and install a management agent on it:
1. Log in to the Enterprise Manager administration console.
2. Expand the Setup menu, then select Add Target, then Add Targets Manually.
3. Select Add Host Targets.
14. Confirm that the Management Agent is properly installed and the new target is
now visible in the administration console.
For detailed information on installing the Management Agent, see Oracle Enterprise
Manager Cloud Control Basic Installation Guide.
Deploying the Enterprise Manager Cloud Control Plug-in on the Management Server
To deploy the plug-in on the management server:
1. Set up preferred credentials for the target host. See "Setting Up Preferred
Credentials" for more information.
2. From the Setup menu, select Extensibility then select Plug-ins.
3. Select Oracle Instant Messaging Server from the Applications folder.
4. From the Deploy On menu, select Management Servers.
5. In the Deploy Plugin on Management Servers dialog, enter the password for the
Sys user and click Continue.
6. Complete the remaining steps in the dialog box.
7. Click Deploy.
8. Monitor the status to ensure successful deployment.
14. Confirm that the Enterprise Manager Cloud Control Plug-in for Oracle
Communications Instant Messaging Server deploys successfully.
15. Repeat these steps for all Instant Messaging Server hosts.
for a list of the metrics available. The metrics have default thresholds for generating
alerts and sending notifications. To change the thresholds, see "Setting Thresholds on
Monitored Metrics". By default, no corrective actions are initiated when a threshold is
crossed. To configure corrective actions, see "Adding Corrective Actions".
Viewing Metrics
You can monitor metrics from managed target instances of Instant Messaging Server
through the Enterprise Manager Cloud Control administration console:
1. Log in to the Enterprise Manager Cloud Control administration console as a
privileged user.
2. Click Targets, then All Targets.
3. In the list of targets, click the Instant Messaging Server in the Instant Messaging
Server column you wish to monitor.
Instant Messaging Server targets have an Oracle Instant Messaging Server - Core
Server target type. Enterprise Manager Cloud Control displays the target's
overview page.
4. Expand the Oracle Instant Messaging Server - Core Server menu under the
target_name.
5. Click Monitoring, then All Metrics.
6. In the left-hand tree control, expand the metric category and select the metric you
wish to view.
Available Metrics
Table 12–2 lists the available metrics and gives default thresholds for generating alerts
and sending notifications. It also gives the interval at which each metric is refreshed.
The table lists metrics based on their organization in the Oracle Enterprise Manager.
Customizing Monitoring
You can customize the following aspects of monitoring:
■ The thresholds for sending alerts and notifications (see "Setting Thresholds on
Monitored Metrics")
■ The notifications sent when a threshold is crossed (see "Setting Notification
Options")
■ The corrective actions taken when a threshold is crossed (see "Adding Corrective
Actions")
This chapter describes common problems that might occur during installation and
deployment of Oracle Communications Instant Messaging Server. It also provides an
overview of the watchdog process.
Authentication Errors
The following are the possible causes for this problem:
■ Problems while accessing the LDAP server, such as the LDAP server is not
running, or a provisioning error, such as a schema violation, has occurred
■ End user not found
■ Invalid credentials
Where to get diagnostic information:
■ Instant Messaging server, Identity authentication, and LDAP log files.
iim_wd.enable=true
Server
Table 14–1 (Cont.) Logging Levels for Instant Messaging Server Components
Level Description
ERROR A log record is added to the log file whenever a
recoverable software error condition occurs or a
network failure is detected. For example, when the
server fails to connect to a client or to another server.
WARNING A log record is added to the log file whenever a user
error is detected. For example, when the server cannot
understand the communication sent by the client.
INFO A log record is added to the log file whenever a
significant action takes place. For example, when an
end user successfully logs in or logs out.
DEBUG The tasks are recorded in the log file. This information
is useful for debugging purposes only. Each event with
individual steps, within each process or task, is written
in the log file. The information recorded helps the end
user identify the problems while debugging the
application.
When you select a particular logging level, events corresponding to that level and to
all higher and less verbose levels are logged.
INFO is the default level for the server. ERROR is the default level for the multiplexor,
Calendar agent, and watchdog log files.
For example:
Solaris OS:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml set-prop
iim.log4j.config=/etc/opt/sun/comms/im/default/config/log4j.conf
To Specify the Maximum Log4j Log File Size for IM Server Components
You can set log levels by modifying either the template or the log configuration file.
However, if you only modify the configuration file, any changes you make will be
overwritten the next time you run configure. To prevent this, you should make your
changes to both the configuration file and the template.
1. Open the log4j.conf.template file.
By default, this file is stored in the InstantMessaging_home/lib directory.
2. For each component, specify the maximum size for the component's log file.
For example, to set the size for the server log file:
log4j.appender.A1.maxFileSize=max-logfile-size
where A1 is the default appender ID for the server, max-logfile-size is in MB, for
example 5MB.
3. Repeat the procedure for the configuration file log4j.conf.
This chapter describes how to configure hosted domains for Oracle Communications
Instant Messaging Server.
Schema 1 Structure
The directory structure of Schema 1 includes two trees for domain management: the
organization tree and the domain component (DC) tree. For example, for domain
xyz.abc.com, the tree structure is as follows:
A, dc tree: o=internet // dc tree root suffix
dc=com
dc=abc
dc=xyz // domain node
where:
path is the full directory path to and including iim.conf.xml, for example,
/opt/sun/comms/im/config/iim.conf.xml.
xml.iim_ldap.schema1.domain_config_root is the DC tree root suffix, for
example, o=internet.
Schema 2 Structure
Schema 2 has only the DC as the config root. Schema 2 has the following tree
structure:
B, Organization tree: dc=xyz,dc=abc,dc=com // Base dn for users/groups
o=xyz.abc.com
ou=people // Users are under this node
where:
path is the full directory path to and including iim.conf.xml, for example,
/opt/sun/comms/im/config/iim.conf.xml.
iim_ldap.schema2.domain_config_root is the DC tree root suffix, for example,
dc=red,dc=example,dc=com.
If the default value of the iim.policy.modules parameter is iim_ldap, the users
under the non-default domain cannot be searched. Users cannot log in to Instant
Messaging Server. Instant Messaging Server, in this case, does not go through the
DC tree to find the value of the inetDomainBaseDn attribute. The server uses the
value of the iim_ldap.searchbase attribute to search users who exist in the default
domain. You can specify the default domain by using the iim_server.domainname
attribute.
iim_ldap.schema2.domain_filter specifies the object class of the domain node.
The default value is inetDomain.
where:
path is the full directory path to and including iim.conf.xml, for example,
/opt/sun/comms/im/config/iim.conf.xml.
2. Add the following parameter, which loads the specified domains into the server
memory upon server startup.
imconfutil set-prop -c path iim_server.default_domains=value
where:
iim_server.default_domains is the domain, or comma-separated list of domains,
on the server.
External Servers
Note: You can use the server-to-server federation only if the servers
are using the same protocol. Instant Messaging Server uses the XMPP
protocol. Thus, you can federate a server-to-server communication
with GTalk or Openfire servers. In addition, Instant Messaging Server
9 provides support for a user on an XMPP network to communicate
with a user on a SIP/SIMPLE network through the SIP gateway.
Federation Examples
You use the imconfutil command to set the federation configuration properties.
■ To enable federation, set iim_server.federation.policy=OPEN.
When this property is set, any domain is able to federate with this Instant
Messaging Server host.
■ To disable federation, set iim_server.federation.policy=CLOSED.
When this property is set, no domain is be able to federate with this Instant
Messaging Server host.
■ To achieve open federation, but with a few domains blacklisted, set iim_
server.federation.policy=OPEN and iim_
server.federation.exceptions=domain1.com,domain2.com.
In this example, federation is allowed for any domain except domain1.com and
domain2.com.
■ To achieve federation with only a small whitelist of domains, set iim_
server.federation.policy=CLOSED and iim_
server.federation.exceptions=domain1.com,domain2.com.
In this example, federation is allowed only for the domain1.com and domain2.com
examples, and no other domains.
Note: The domains in the exception list can be XMPP domains or SIP
domains. For more information on SIP, see "Configuring the SIP
Gateway".
To have the configuration change take effect, restart Instant Messaging Server:
imadmin refresh server
The TTL (time-to-live) value informs the other server how long to cache the DNS entry.
“muc” is a configurable service name for the conference service. xmpp.example.com is
either the fully qualified domain name or IP address of the XMPP server.
To verify that the SRV record is added correctly in DNS entries, run the following
nslookup command:
nslookup -type=srv _xmpp-server._tcp.example.com
If you are using SIP/SIMPLE Federation Gateway Services, then the SIP Gateway
must publish _xmpp-server DNS SRV records for the SIP federated domains.
Table 16–3 lists the DNS SRV record required for the SIP Gateway.
sfs.example.com is either the fully qualified domain name or the IP address of the
Oracle Communications Converged Application Server.
Table 16–4 lists the DNS SRV records required for Oracle Communications Converged
Application Server to discover the SIP/SIMPLE server.
sip.example.com is either the fully qualified domain name or the IP address of the
SIP/SIMPLE server.
To verify that the SRV record is added correctly in DNS entries, run the following
nslookup command:
nslookup -type=srv _sip._udp.example.com
Note: Currently, Convergence is the only client that can access the
Facebook Gateway.
Using the configure Utility for the Facebook Gateway and Gateway Connector
To use the configure utility to configure the Facebook Gateway and Gateway
Connector during initial configuration:
1. Start the configure utility, for example:
/opt/sun/comms/im/sbin/configure --nodisplay
Deployment Planning
The Instant Messaging Server Facebook Gateway architecture consists of the Gateway
itself and the GWC (see "Gateway Connector (GWC)"). Before you configure the
Gateway, you need to register the Facebook application with the Facebook website. See
the Facebook documentation at:
https://developers.facebook.com/docs/chat
This chapter describes how to configure the HTTPBIND Gateway for Oracle
Communications Instant Messaging Server.
In addition, when you choose to deploy the gateway during initial configuration, the
configure utility creates a .war file in the InstantMessaging_home/work directory and
then deploys this file on GlassFish Server in the directory you specified for the code
base.
You can also configure the gateway to use a non-default configuration file by
modifying the values in the web.xml file, which is deployed with the client resources
on the GlassFish Server.
The instructions in this section assume the gateway configuration file is httpbind.conf.
If you are using a non-default configuration file, substitute your configuration file for
httpbind.conf in the instructions.
Any time you make a change to httpbind.conf, you will need to restart the
XMPP/HTTP Gateway.
This section contains the following instructions:
■ To Enable or Disable the Instant Messaging Server XMPP/HTTP Gateway
■ To Configure HTTPBIND Manually
■ To Configure Concurrent Requests Number Handled by the XMPP/HTTP
Gateway
■ To Set the JEP 124 hold Attribute for Client Requests to the XMPP/HTTP Gateway
■ To Specify the Allowed Client Inactivity Time for the XMPP/HTTP Gateway
■ To Set the content-type HTTP Header for the XMPP/HTTP Gateway
■ To Set the Round Trip Delay for the XMPP/HTTP Gateway
■ To Set the XMPP/HTTP Gateway Default Response Time
■ To Configure an XMPP/HTTP Gateway in a Instant Messaging Server Gateway
Pool
■ To Configure the List of Key IDs for Supported XMPP/HTTP Gateway Domains
■ To Configure the XMPP/HTTP Gateway to Use a Non-default Configuration
■ To Use Encrypted Passwords
■ To Add a New Hosted Domain Without Restarting GlassFish Server
For instructions on configuring logging for the gateway, see "Managing Logging for
the XMPP/HTTP Gateway".
3. Copy the config template file from the zipped folders's config directory to the
config directory of httpbind. In the following example, /opt/sun/comms/im/config
is the config directory of httpbind.
cp /tmp/httpbind/config/httpbind.conf.template
/opt/sun/comms/im/config/httpbind.conf
See "Managing Instant Messaging Server Logging by Using log4j" for log-related
configurations.
5. Edit the httpbind.conf file (by default, located in the /opt/sun/comms/im/config
directory) to set the following properties:
■ Domain: default.domains=abc.com
■ Multihosting to false: default.multihosting=false
■ Host name and port of Instant Messaging Server host:
default.hosts=example.com:5269
■ Component jid of httpbind: default.componentjid=httpbind.abc.com
■ Password: default.password=password
To set the password in plain text, comment out the following parameters:
#httpbind.component.password.cipher.delegate=DELEGATE_CLASS
#httpbind.component.password.cipher=CIPHER_CLASS
Ensure that the jid and password match with the ones that you configured in the
httpbind.conf file (step 5).
9. To deploy HTTPBIND, deploy the httpbind.war file, from the unzipped
httpbind.zip file generated in step 1, to Glassfish Server.
10. Restart GlassFish Server.
When you manually configure HTTPBIND, ensure that the files in the config
directory, and encryption key files if you are using password encryption, have read
permissions set for GlassFish Server. When you run the configure utility, the utility
ensures that the permissions are correct when you configure HTTPBIND.
If the value of this parameter is less than the value for the JEP 124 hold attribute in
the client request, the value for this parameter will be set to hold+1. Do not set this
parameter to 1, as doing so could severely degrade performance. See "To Set the
JEP 124 hold Attribute for Client Requests to the XMPP/HTTP Gateway" and
" XMPP/HTTP Gateway Configuration Parameters in httpbind.conf" for more
information on the httpbind.hold parameter.
3. Save and close httpbind.conf.
4. Restart the gateway by using the tools provided by GlassFish Server.
To Set the JEP 124 hold Attribute for Client Requests to the XMPP/HTTP Gateway
Ensure that you are familiar with the JEP 124 draft standard. More information is
available at
http://www.jabber.org/jeps/jep-0124.html
1. Open httpbind.conf.
2. Set the httpbind.hold parameter to the maximum value you want the gateway to
allow for the hold attribute in the client request. The default is 5. For example:
httpbind.hold=5
If the hold value sent by the client is greater than the gateway's hold value, the
gateway's hold value is used.
3. Save and close httpbind.conf.
4. Restart the gateway by using the tools provided by GlassFish Server.
To Specify the Allowed Client Inactivity Time for the XMPP/HTTP Gateway
1. Open httpbind.conf.
2. Set the httpbind.inactivity parameter to the time in seconds after which you want
the gateway to terminate idle connections. The default is 180 seconds. For
example:
httpbind.inactivity=180
If clients do not poll the gateway before this time elapses, the gateway terminates
the connection.
3. Save and close httpbind.conf.
4. Restart the gateway by using the tools provided by GlassFish Server.
Setting this value too high may degrade performance. Consider the general
latency in your network before changing this parameter.
3. Save and close httpbind.conf.
4. Restart the gateway by using the tools provided by the GlassFish Server.
If the value set for the client is greater than the value for the gateway, the gateway
wait time is used.
3. Save and close httpbind.conf.
4. Restart the gateway by using the tools provided by GlassFish Server.
To Configure the List of Key IDs for Supported XMPP/HTTP Gateway Domains
1. Open httpbind.conf.
2. Set the httpbind.config parameter to the list of IDs you want the gateway to use.
For each domain you need to specify a separate ID for this parameter. For
example:
httpbind.config=gwdomain-id
Where gwdomain-id is the identifier you want to use for the domain.
For example:
httpbind.config=siroe.com
3. For each gwdomain-id you specify, add the following parameters to the
httpbind.conf file:
gwdomain-id.domain=domain-name
gwdomain-id.hosts=gateway-host
gwdomain-id.componentjid=component-jid
gwdomain-id.password=password
where:
gwdomain-id is the ID specified for the gateway in httpbind.config in the previous
step.
domain-name is the domain in which the identified gateway runs.
gateway-host is a comma-separated or space-separated list of the fully-qualified
domain name (FQDN) and port number of the gateway hosts that support this
domain.
component-jid is the component JID of the gateway.
password is the password of the identified gateway.
For example, if gwdomain-id is set to siroe:
siroe.domain=siroe.com
siroe.hosts=gateway.siroe.com:5222
siroe.componentjid=http.gateway.siroe.com
siroe.password=gatewaypassword
her
2. From the directory containing the httpbind.conf file, generate a password key and
password using the Instant Messaging Server passwordtool command.
See "passwordtool Command Reference" for more information.
For example, the following commands generate an encrypted password from the
clear text password abcd:
cd httpbind_config_dir
passwordtool httpbind generate-key
passwordtool httpbind generate abcd
MmHRfLCIB0ej5KGDqLC45Q==
More information about the log4j format supported by Instant Messaging Server is
described at Apache Logging Services, at:
http://logging.apache.org
See " Logging Levels for Instant Messaging Server Components" for a list of valid
logging levels you can use.
4. Save and close httpbind_log4j.conf.
Oracle Linux and Red Hat Linux: To Set the XMPP/HTTP Gateway Log File Location
On Linux systems, after you install and configure the XMPP/HTTP Gateway, you
need to modify the location of the default log file for the XMPP/HTTP gateway in
httpbind_log4j.conf.
1. Open the httpbind_log4j.conf file.
This file is stored at the location you specified in httpbind.conf file as the value for
the httpbind.log4j.config parameter. By default the file is stored in the following
directory under the default Instant Messaging Server instance:
InstantMessaging_cfg/httpbind_log4j.conf
2. Set the value of the log4.appender.appender_ID.file parameter to the location
where log files are stored.
log4j.logger.httpbind=ERROR
See Table 14–1, " Logging Levels for Instant Messaging Server Components" for a
list of valid logging levels you can use.
A server accepts a connection from a peer only after the identity of the peer has
been weakly verified through Dialback, based on information obtained from the
Domain Name System (DNS) and verification keys exchanged in-band over
XMPP. However, the connection is not encrypted. The use of identity verification
effectively prevents domain spoofing, but federation requires proper DNS setup
and is still subject to DNS poisoning attacks.
■ TLS and Dialback, if self signed certificates are provided, also known as Encrypted
Federation
A server accepts a connection from a peer only if the peer supports Transport
Layer Security (TLS) and the peer presents a digital certificate. However, the
certificate may be self-signed, in which case mutual authentication is typically not
possible. Therefore, after STARTTLS negotiation the parties proceed to weakly
verify identity using Dialback. This combination results in an encrypted
connection with weak identity verification.
■ TLS, also known as Trusted Federation
A server accepts a connection from a peer only if the peer supports TLS and the
peer presents a digital certificate issued by a trusted root certification authority
(CA). The list of trusted root CAs is determined by local service policy, as is the
level of trust accorded to various types of certificates (for example, Class 1, Class 2,
or Class 3). The use of trusted domain certificates effectively prevents DNS
poisoning attacks but makes federation more difficult as typically such certificates
are not easy to obtain.
This figure shows that the SIP Federation Service is implemented as a SIP servlet,
deployed within the Oracle Communications Converged Application Server. XMPP
server users are able to exchange presence and chats with SIP users over the XMPP
protocol (by way of the SIP gateway), while SIP users do the same over the
SIP/SIMPLE protocol through the SIP/SIMPLE server. The SIP gateway uses either
Jabber Component Protocol or Server-to-Server Federation to communicate with the
XMPP server. For Server-to-Server federation, you must configure DNS SRV records
for both XMPP and SIP domains. The SIP gateway converts SIMPLE requests to the
appropriate XMPP format and sends them to the XMPP server over either component
or federated connection. SIMPLE requests are acknowledged and responded to
appropriately by using the SIP servlet API. Similarly, the SIP gateway converts XMPP
requests or responses received from the XMPP server to the appropriate SIMPLE
requests and then sends them to the SIMPLE clients. The SIP gateway maintains both
SIMPLE and XMPP user subscription states. The SIP gateway needs to interact with
the XMPP server to authorize presence subscriptions and obtain SIP user presence
notifications.
In this command:
-k specifies the path to the keystore file.
-f specifies the path to the file that contains the password for the keystore.
2. If you are using a self-signed certificate for the SIP Gateway, set the iim_
server.trust_all_cert option to true.
imconfutil -c ../config/iim.conf.xml set-prop iim_server.trust_all_cert='true'
This chapter describes the Short Message Service (SMS) gateway feature and how to
configure it for Oracle Communications Instant Messaging Server.
Table 20–2 shows the Instant Messaging server properties that you need to enable
SMS.
Server-Side Configuration
You can configure the SMS gateway feature by either running the configure utility or
the imconfutil command.
Example: Configuring the SMS Gateway and Instant Messaging Server on Different
Hosts
In this example, the SMS gateway is configured on im-1 and the Instant Messaging
server is on im-2.
### On host im-1:
Note: The value of the jid and password properties provided in the
add-component command must be the same as the values that you
define for the smppbind.jid and smppbind.password properties.
imadmin start sms-gateway. You can also start the gateway by typing
imadmin start.
5. Enter the XMPP server host name.
You can configure Instant Messaging Server and the SMS gateway on the same
host or on different hosts. If you choose to configure the gateway for a remote
Instant Messaging server, specify the remote server host name. The default host
name is the name of the local host.
6. Enter the port number.
The default value is the port number that you specify for the XMPP server. For
example, if the XMPP server port is 5269, enter 5269.
7. Enter the bind ID of the SMSC at the ESME System Id prompt.
8. Enter the SMSC bind password at the ESME System Password prompt.
9. Enter the IP address or the FQHN (Fully Qualified Host Name) of the SMSC at the
SMSC Host address prompt.
10. Enter the SMSC port number at the SMSC port prompt. The default port number
is 2775.
11. Enter the Sender ID at the SMS Sender ID prompt.
The sender ID is the ID with which you have registered to the SMSC. The SMSC
always send a SMS with the sender ID that you specify here.
Client-Side Settings
The Instant Messaging server searches for the recipient phone number in the following
order of precedence:
1. Phone number settings in user v-card of a third-party messaging client
2. LDAP setting in the mobile attribute of Directory Server
3. Phone number settings in the Instant Messaging client
If you use a third-party messaging client such as Psi, specify the phone settings in the
user v-card. See the third-party messaging client documentation for the procedure
about adding phone settings.
If you use Directory Server, add the recipient phone number in the LDAP mobile
attribute. For more information about the Directory Server, refer to the Directory
Server documentation at:
http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/index.h
tml
■ To check the status of the SMS gateway, enter the following command:
imadmin status sms-gateway
With pop-ups enabled, when an impending event or task nears, the alarm set in the
notification service causes Calendar Server to send an email notification and Instant
Messaging Server to display a pop-up reminder.
Calendar Agent
2. ENS
Enter the number corresponding to your choice: [1]:1
XMPP server hostname [hostname]: host name
XMPP server port [port number]: port number
JMQ Username: username
JMQ Password: password
Notification Server Hostname: host name
Notification Server Port: port number
Topic: testTopic
3. After running the configure utility, use the imconfutil command to set the
contenttype property.
For example:
/opt/sun/comms/im/sbin/imconfutil --config
/etc/opt/SUNWiim/default/config/iim.conf.xml set-prop
agent-calendar.serveralarms.contenttype=text/plain
The parameters in the following table are available starting with Instant Messaging
Server 8.0. If upgrading from a prior version, you must set the parameters manually.
Notes:
■ No additional steps are required to configure Calendar Server 7 Update 2 and
higher to work with Instant Messaging Server.
■ By default, Calendar Server 7 Update 2 and higher is configured with the
DavNotificationTopic configuration parameter. Use DavNotificationTopic as the
value for the agent-calendar.consumer.topic property.
■ GlassFish Server uses Java Message Queue on port 7676 independently of
Messaging Server and Calendar Server. A single host installation of Calendar
Server might see problems with port 7676 being occupied if GlassFish Server is
already installed on that host. To avoid this problem, edit the
/etc/imq/imqbrokerd.conf file in the Oracle Solaris default path and set the
ARGS=-port parameter to a free port.
■ imqbrokerd should be up and running for Calendar Server alerts to work when
configured with Java Message Queue.
Entries
This chapter describes how to display availability for Oracle Communications Instant
Messaging Server based on entries in a user’s calendar.
To disable the calendar availability feature once it has been enabled, set
agent-calendar.presence.enable to false.
This chapter describes how to use and configure the Oracle Communications Instant
Messaging Server Web Presence API.
You can edit the file to add any custom servlets you have developed for handing
requests to the Web Presence API.
The remainder of this section contains the following topics.
■ HTTP GET Requests for Presence Information
■ HTTP POST Requests for Presence Information
■ JSON Response to Requests for Presence Information
By default, the request returns a JSON object containing the presence information (see
"JSON Response to Requests for Presence Information").
In the request (see RFC 3921, XMPP: Instant Messaging and Presence):
■ type is a parameter for the type of presence request.
■ to is a parameter for the user's JID or email address.
■ node@domain/resource is the user's JID or email address.
For more information, see RFC 3921, XMPP: Instant Messaging and Presence at:
http://www.ietf.org/rfc/rfc3921.txt
By default, the request returns a JSON object containing the presence information (see
"JSON Response to Requests for Presence Information").
where the JSON object contains one or more presence requests, as in the following
example:
POST /presence
request:[{"presence":{"type":"probe","to":"node@domain/resource"}},{"presence":{"t
ype":"probe","to":"node1@domain1/resource2"}},{"presence":{"type":"probe","to":"no
de2@domain/resource3"}}]
In the example:
■ type is a parameter for the type of presence request.
■ probe is a request for a contact's current presence information.
■ to is a parameter for the user's JID or email address.
■ node@domain/resource is the user's JID or email address.
For more information, see RFC 3921, XMPP: Instant Messaging and Presence:
http://www.ietf.org/rfc/rfc3921.txt
By default, the request returns a JSON object containing the presence information (see
"JSON Response to Requests for Presence Information").
where:
■ show is a parameter for showing a user's availability.
■ dnd (Do Not Disturb) means the user is busy.
■ from is a parameter for the JID or email address of the user sending the presence
information.
■ node@domain/resource is the JID or email address of the user.
■ status is a parameter for a description of the user's availability status.
■ temporarily unavailable is the user's availability status.
where:
■ jid must be set to the same value as the Web Presence API's
ImServer1.componentjid property.
■ password must be set to the same value as the Web Presence API's
ImServer1.password property.
■ broadcast must be set to true to allow Instant Messaging Server to send presence
information to the Web Presence API.
After adding the Web Presence API as a component to Instant Messaging Server, you
need to restart the server:
imadmin refresh server
where:
■ The -c parameter specifies the future location of the configuration file for the
Web Presence API, once the ZIP file is unzipped.
■ The -d parameter specifies a destination directory and file name for the ZIP
file. The directory must exist before you generate the ZIP file.
■ The ZIP file contains:
– A deployable WAR file for the Web Presence API
– A template file (presenceapi.conf.template) to use for creating a Web
Presence API configuration file.
– A template file, presenceapi_log4j.conf.template, for configuring a log4j
log file.
– The Instant Messaging Server password tool. For information on the
password tool, see "passwordtool Command Reference".
2. Extract the contents of the ZIP file to the directory that you want to use as your
Web Presence API configuration directory, for example, /local/presenceAPI.
unzip /tmp/presenceapi.zip -d /local/presenceAPI
3. To create a configuration file for the Web Presence API, copy the configuration file
template, presenceapi.conf.template, to presenceapi.conf.
4. In presenceapi.conf, edit the following lines according to the instructions below
them.
presenceapi.config=default
default.presencepolicy=open
default.domains=DOMAINS_LIST
default.hosts=HOSTS_LIST
default.componentjid=COMPONENT_JID
default.password=ENCRYPTED_COMPONENT_PASSWORD
presenceapi.log4j.config=LOG4J_CONFIG_FILE
# Comment out the following options if you are not using an encrypted password.
presenceapi.component.password.cipher.delegate=DELEGATE_CLASS
presenceapi.component.password.cipher=CIPHER_CLASS
For information about the configuration properties above, see Table 24–1.
a. Leave the first two entries, presenceapi.config=default and
default.presencepolicy=open as they are.
The first property identifies a deployment of Instant Messaging servers as
default.
The second property sets the deployment to provide presence information for
contacts in all domains, except for domains that are listed with the
default.domains property.
b. Delete default.domains=DOMAINS_LIST. There is no need to restrict the
domains open to presence requests in this example.
c. Set default.hosts to a space-separated list of the Instant Messaging servers and
their ports (hostname:port) that make up the default deployment. For example:
default.hosts=ImServer1.example.com:5269 ImServer2.example.com:5269
d. Set default.componentjid to the JID of the Web Presence API in its Web server.
The same JID must be entered when you use the command to configure
Instant Messaging Server at a later step. Example:
default.componentjid=presenceapi.example.com
5. Use the Glassfish Server 3 asadmin command to deploy the Web Presence API
WAR file (you will need Administrator privileges), for example:
/local/glassfish3/bin/asadmin deploy /local/presenceAPI/presenceapi.war
6. Use the imconfutil command to add the Web Presence API as an XMPP Web
component to the Instant Messaging server identified as ImServer1:
imconfutil -c $IM_BASE_DIR/config/iim.conf.xml add-component id=presenceapi
jid=presenceapi.example.com password=asdfjkl; broadcastpresence=true
where:
■ jid must be set to the same value as the Web Presence API's
ImServer1.componentjid property.
■ password must be set to the same value as the Web Presence API's
ImServer1.password property.
■ broadcast must be set to true to allow Instant Messaging Server to send
presence information to the Web Presence API.
7. Restart Instant Messaging Server using the imadmin command. This is necessary
because of the configuration changes you made to the Server.
imadmin refresh server
8. In preparation for the next step, sending a request for presence information, get
the JID of a user that is logged-in to Instant Messaging Server through an XMPP
client. If you have an instant messaging account on an XMPP client that uses the
Instant Messaging Server, and your XMPP client is running, you can use your own
JID.
9. Send a GET or POST request for presence information to the Web Presence API,
using the JID from the previous step.
■ You can send a GET request manually by entering it directly in the address
bar of a browser and pressing Return. The following is an example of such a
request. Note the / that follows the JID. Without it, the JID is interpreted as a
file name and the request fails.
http://imhost@pythia.com:8080/presenceapi/presence/wxyz@example.com/
■ You can send the request from a JavaScript, in which case the response is
returned to the script as a JSON object.
10. Verify that the response received is what was expected.
Presence API
Overview
This chapter describes the configuration files you use to administer Oracle
Communications Instant Messaging Server. The chapter also describes the Instant
Messaging Server directory structure and the properties files used to store Instant
Messaging Server operational data and configuration information. The following
topics are covered:
■ Program Files
■ Server Configuration Files
■ Runtime Directory
■ Database Directory
■ Instant Messaging Server Configuration File
Program Files
Program files include the native executable files, the library files in the bin or lib
directory, the shell scripts in the sbin directory, the Java classes, and templates files in
the lib directory.
Red Hat Linux and Oracle Linux Location of Server Configuration Files
Server configuration files are located in the Instant Messaging Server configuration
directory. The default location of the configuration directory is:
/etc/opt/sun/im/default/config
For convenience, the installer creates a symbolic link from
/etc/opt/sun/im/default/config to /opt/sun/comms/im/config.
In addition, if you create multiple instances of Instant Messaging Server, the name of
the /default directory varies, depending on the instance. See the topic on creating
multiple instances from a single Instant Messaging Server installation in Instant
Messaging Server Installation and Configuration Guide.
Runtime Directory
The runtime directory contains Instant Messaging Server data. It includes the
configurable directory for files generated by the server at runtime. It also includes the
end user data in the data directory. Its log directory contains the server, multiplexor,
Calendar agent, and XMPP service log files.
Red Hat Linux and Oracle Linux Location of the Runtime Directory
The default value of the runtime directory is: /var/opt/sun/im/default.
In addition, if you create multiple instances of Instant Messaging Server, the name of
the /default directory varies, depending on the instance. See the topic on creating
multiple instances from a single Instant Messaging Server installation in Instant
Messaging Server Installation and Configuration Guide.
Database Directory
If you are using a file-based property store, the database directory contains end user
information such as the user and news channels directory. If you are using LDAP to
store user data, the database directory is not used.
Red Hat Linux and Oracle Linux Location of the Database Directory
The default value for the Database Directory is: /var/opt/sun/im/default/db
In addition, if you create multiple instances of Instant Messaging, the name of the
/default directory will vary depending on the instance. See the topic on creating
multiple instances from a single Instant Messaging Server installation in Instant
Messaging Server Installation and Configuration Guide.
Table 27–2 lists and describes the properties used by Instant for LDAP, user
registration, and user source configuration.
Table 27–2 (Cont.) LDAP, User Registration, and Source Configuration Properties
Property Default Value Description
iim_ldap.loginfilter (&(|(objectclass=inetorgpers Search filter used during end-user login. The
on)(objectclass=webtopuser)) entire filter is entered as one line.
(uid={0}))
iim_ldap.userbrowsefilter (objectclass=inetorgperson) Specifies LDAP filter to be applied when browsing
users.
iim_ (|(&(objectclass=groupofuni The search filter used to search for end users and
ldap.usergroupbyidsearchfi quenames)(uid={0}))(&(|(obj groups in the directory, under the base specified
lter ectclass=inetorgperson)(obje by ID. The entire filter is entered as one line.
ctclass=webtopuser))(uid={0}
)))
iim_ (|(&(objectclass=groupofuni The search filter used to search for end users and
ldap.usergroupbynamesear quenames)(cn={0}))(&(|(obje groups in the directory, under the base specified
chfilter ctclass=inetorgperson)(object by name.
class=webtopuser))(cn={0})))
iim_ (|(&(objectclass=groupofuni The search filter that returns a group, given a mail
ldap.usergroupbymailsearc quenames)(mail={0}))(&(obje address.
hfilter ctclass=inetorgperson)(mail=
{0})))
iim_ false Determines if wildcards should be enabled for
ldap.allowwildcardinuid UIDs while performing a search. As most
directory installations have UIDs indexed for
exact searches only, the default value is False.
Setting this value to True can impact performance
unless UIDs are indexed for substring search.
iim_ldap.userclass inetOrgPerson,webtopuser The LDAP class that indicates that an entry
belongs to an end user.
iim_ldap.groupclass groupOfUniqueNames The LDAP class that indicates that an entry
belongs to a group.
iim_ldap.groupbrowsefilter (&(objectclass=groupofuniq The search filter used to browse all groups in the
uenames)(cn={0})) directory under the specified search base.
iim_ldap.searchlimit 40 Maximum number of entries to be returned by a
search. A value of -1 means search is disabled on
this server and a value of 0 indicates unlimited
search.
iim_ldap.resynctime 720 Maximum time in seconds that data fetched from
LDAP is held before resyncing.
iim_ldap.userdisplay cn LDAP attribute to use for display name of end
users.
iim_ldap.groupdisplay cn LDAP attribute to use for display name of groups.
im_ldap.useruidattr uid LDAP attribute used as end users' UID.
im_ldap.groupmemberattr uniquemember LDAP attribute that gives the list of members of a
group.
iim_ldap.usermailattr mail LDAP attribute that should contain end users'
provisioned email addresses. Used when the
email message is sent to an offline end user.
iim_ldap.usermobileattr mobile LDAP attribute that contains end users' mobile
phone numbers.
iim_ldap.groupmemberattr uniquemember LDAP attribute that contains the group member
DNs.
Table 27–2 (Cont.) LDAP, User Registration, and Source Configuration Properties
Property Default Value Description
iim_ memberurl The membership attribute of a dynamic group,
ldap.groupmemberurlattr which contains the LDAP filter or the LDAP URL.
iim.register.enable None If TRUE, the server allows new Instant end users
to register themselves (add themselves to the
directory) using Instant Messenger.
iim_ldap.register.basedn None If self-registration is enabled, the value of this
property is the DN of the location in the LDAP
directory in which person entries are stored. For
example: "ou=people,dc=siroe,dc=com"
iim_ldap.register.domain None The domain to which new users will be added.
For example, directory.siroe.com.
iim_ldap.firstnameattr givenname The LDAP attribute that stores the user's first
name.
iim_ldap.user.attributes None The LDAP attribute that contains the list of
custom attributes from the LDAP user entry.
iim_ldap.group.attributes None The LDAP attribute that contains the list of
custom attributes from the LDAP group entry.
iim_ldap.lastnameattr sn The LDAP attribute that stores the user's last
name.
iim_ nsManagedRoleDefinition The LDAP object class that represents
ldap.managedroleobjectclas managed-role objects.
s
iim_ldap.usessl false Specifies whether to use SSL when connecting to
the primary LDAP server.
iim_ldap.schema1.domain_ None Specifies the base DN for looking up schema 1
config_root domains.
iim_ldap.schema2.domain_ None Specifies the base DN for looking up schema 1
config_root domains.
iim_ldap.debugPool false Enables extra debugging log messages for LDAP
pool failover.
iim_ldap.groupchatstorage. 10000 if no value set, 1000 if Specifies queuesize for group chat.
queuesize value set and is less than 1000.
iim_ false Specifies whether the passwords in LDAP are
ldap.plaintextpasswords stored in clear text
Table 27–3 lists and describes the logging configuration properties for log4j-based
logging.
When Instant Messaging servers are configured in this manner, you can form a larger
Instant Messaging Server community. Therefore, end users on each server can do the
following:
■ Communicate with end users on every other server
■ Use conferences rooms on other servers
■ Subscribe to news channels on other servers (subject to access privileges)
Table 27–5 lists and describes the multiple server configuration properties.
Default
Property Value Description
iim_server.serverid None String used by this server to identify itself to all other servers.
iim_server.password None Password used by this server to authenticate itself to all other
servers.
iim_server.federation.policy None To enable open federation, set to open. To disable open
federation, set to closed. For example:
iim_server.federation.policy = "open"
Table 27–7 lists the properties for Shoal access across subnets.
Archive Properties
Table 27–9 lists the properties you use to manage Instant Messaging Server archiving.
Watchdog Properties
The watchdog monitors the server process and attempts to restart the server if it
determines that the server is not running. See "Managing the Watchdog Process".
Table 27–10 lists and describes the watchdog configuration properties.
Monitoring Properties
The properties in Table 27–11 configure the way the server interacts with the Oracle
Enterprise System Monitoring Framework.
Agent Properties
Agents, such as the Calendar agent, enable functionality within Instant Messaging
Server and enhance its interoperability with other Unified Communications Suite
servers.
Table 27–12 lists and describes agent configuration properties.
JMQ Properties
Table 27–13 lists the calendar agent properties.
This chapter describes the APIs used by Oracle Communications Instant Messaging
Server.
This chapter describes how to use the imadmin command to administer Oracle
Communications Instant Messaging Server.
imadmin Overview
You can use the imadmin command to start, stop, and refresh the Instant Messaging
server and multiplexor.
imadmin Requirements
You must invoke the imadmin command from the host on which Instant Messaging
server is installed. Run imadmin as root or as the end user you specified during
configuration.
imadmin Location
By default, imadmin is installed in the following location:
InstantMessaging_home/sbin
imadmin Commands
Table 29–1 lists and describes commands related to the imadmin command.
imadmin Syntax
imadmin [ options ] [ action ] [ component ]
imadmin Options
Table 29–2 lists and describes options for the imadmin command.
imadmin Actions
Table 29–3 lists and describes actions performed after various imadmin commands are
issued.
imadmin Components
Table 29–4 lists and describes the components for the imadmin command.
The imconfutil command enables you to set, modify, and list Oracle Communications
Instant Messaging Server configuration properties. This chapter describes the
imconfutil command. It gives the tool’s syntax, commands and command options,
and examples of its usage.
Requirements: Must be run locally as root on the Instant Messaging Server host.
Location on UNIX: InstantMessaging_home/sbin
Syntax
The syntax of the imconfutil command is:
imconfutil [ -c config-file ] [ --quiet ] command [ command-specific options ]
--help
Options
Table 30–1 shows the options for the imconfutil command.
Table 30–2 shows imconfutil commands and command-specific options. Options that
are, in fact, optional appear in brackets.
■ To use the specified configuration file and print the value of the iim.instancedir
parameter:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml get-prop iim.instancedir
■ To add a component:
imconfutil add-component -c /opt/sun/comms/im/config/iim.conf.xml calagent
jid=calendar.example.com password=password
■ To delete a component:
imconfutil delete-component -c /opt/sun/comms/im/config/iim.conf.xml calagent
■ To delete a property:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml del-prop iim_
ldap.resynctime
■ To print both the restricted and unrestricted list of commands and options (-u
switch):
imconfutil -u
■ To generate a new encryption key and newly encrypted passwords for all current
Instant Messaging Server passwords:
imconfutil -c /opt/sun/comms/im/config/iim.conf.xml rekey
This chapter describes the iwadmin command. It gives the tool’s syntax, commands
and command options, and examples of its usage.
Syntax
The syntax of the iwadmin command is:
iwadmin [ iwadmin options ] command [ command-specific options ]
iwadmin Options
There are two iwadmin options. The options can be placed anywhere after the
iwadmin command:
Table 31–1 lists the iwadmin options that are available.
with Instant Messaging Server. Table 31–2 lists the IM Web components.
Table 31–2 Options for Web Components Provided with the Instant Messaging Server
Web Component Description
im Use was deprecated in Instant Messaging Server 8; obsolete and
unavailable since Instant Messaging Server 9.0.0.0.0
httpbind Can be used with all iwadmin commands, except for the
iwadmin list command.
presenceapi This option corresponds to the Web Presence API. It can only be
used with the iwadmin generatezip command. For more
information on the Web Presence API, see "Using the Web
Presence API".
■ To create a ZIP file containing a WAR file and other files needed for deploying the
presenceapi IM Web component (see generatezip in Table 31–3):
iwadmin generatezip presenceapi -c /opt/components/presence/config -d
/opt/components/presence/config/deploy/presenceapi.zip
passwordtool Overview
The passwordtool command makes it possible to:
■ Generate encryption keys for passwords
■ Re-generate encryption keys for passwords
■ Generate encrypted passwords
■ Verify that an unencrypted password matches an encrypted password
In versions prior to Instant Messaging Server 9.0.1.4.0, you had to enter unencrypted
passwords in configuration files.
You can use the password tool with the following Web components that are provided
with Instant Messaging Server:
■ HTTPBIND
■ Web Presence API
See "Examples" for how to use the password tool.
Requirements: Must be run locally as root.
Location: InstantMessaging_home/sbin/passwordtool
Syntax
The syntax of the passwordtool command is:
passwordtool [ IM_Web_component ] [ command ] [ command specific options ]
Examples
The following examples show how to use the Instant Messaging Server passwordtool
command. You must be logged in as root.
To generate a key for creating passwords, change to the directory that contains the
configuration file for the IM Web component and use the generate-key option:
cd config-file-dir
InstantMessaging_home/sbin/passwordtool IM_Web_component generate-key
Once generated, enter the password in the configuration file for the Web component.
To generate an encrypted password from the cleartext password abcd for the
HTTPBIND component:
cd httpbind_config_dir
.../passwordtool httpbind generate-key
.../passwordtool httpbind generate abcd
MmHRfLCIB0ej5KGDqLC45Q==
The sipgateway is currently not available for use with the password tool.
Parameters
■ The key consists of all the characters in the line starting with the first
non-whitespace character and up to the first ASCII equal sign ( = ) or semi-colon ( ;
). If the key is terminated by a semi-colon, it is followed by lang- and a tag that
indicates the language in which this value is to be interpreted. The language tag is
followed by an equal sign ( = ). All whitespace characters before and after the
equal sign are ignored. All remaining characters on the line become part of the
associated value string.
■ Multiple values in the value string are separated using commas ( , ).
■ Within a value, if any special characters like comma, space, newline, tab, double
quotes, or backslash are present, the entire value needs to be within double quotes.
In addition, every carriage return, line feed, tab, backslash, and double quotes
within the value must be specified with a backslash ( \ ).
■ If you make changes to the httpbind.conf file, you must refresh the gateway's web
container in order for the new configuration settings to take effect.